SSL client verification context

Matthias-Christian Ott ott at mirix.org
Thu Feb 10 18:04:32 MSK 2011


On Thu, Feb 10, 2011 at 04:20:51PM +0300, Igor Sysoev wrote:
> On Feb 10, 2011, at 10:36 , Matthias-Christian Ott wrote:
> 
> > Hi,
> > 
> > at the moment it is only possible to set variables for SSL client
> > verification in the http or server context. It would be useful to have
> > them at least in location, so that one could verify the certificate
> > according to the requested directory. Would this be possible?
> 
> 
> These are not variables, but directives.

I confused both ;).

> You may try
> 
> server {
>    ssl_verify_client   optional;
> 
>    location /dir/ {
>        if ($ssl_client_verify != SUCCESS) {
>            return 403;
>        }

What I meant was the following:

server {
    location /a {
        ssl_client_certificate a/ca.pem;
        ssl_crl a/a.crl;
    }
    
    location /b {
        ssl_client_certificate b/ca.pem;
        ssl_crl a/a.crl;
    }
}

As far as I can tell from the documentation, both Apache and lighttpd
seem to support this.

Regards,
Matthias-Christian
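
Added example, not part of the original thread and not nginx project code: one way to approximate per-location CAs while the ssl_* directives stay at server level is to trust both CAs for the handshake and authorize each location on the verified issuer via $ssl_client_i_dn. File paths, the server name and the issuer DNs are constructed placeholders; the DN strings assume the RFC 2253 format used by nginx 1.11.6 and later, and client certificates issued directly by each CA.

```nginx
# Place inside the http { } block. Added example with constructed names.

# Resolve the verified issuer to a short label. Anything that did not
# verify (NONE, FAILED...) or was issued by an unexpected DN maps to "".
map $ssl_client_verify:$ssl_client_i_dn $client_ca {
    default                              "";
    "SUCCESS:CN=Example CA A,O=Example"  a;
    "SUCCESS:CN=Example CA B,O=Example"  b;
}

server {
    listen      443 ssl;
    server_name example.test;

    ssl_certificate     /etc/nginx/tls/server.pem;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Both CA certificates concatenated into one PEM bundle, and the
    # CRLs of both CAs concatenated likewise. With ssl_crl set, a CRL
    # must be present for every CA in the bundle or verification fails.
    ssl_client_certificate /etc/nginx/tls/clients-a-and-b.pem;
    ssl_crl                /etc/nginx/tls/clients-a-and-b.crl;

    # "optional" lets the handshake finish without a certificate, so
    # each location decides; unprotected locations keep working.
    ssl_verify_client optional;

    location /a/ {
        # Only certificates verified and issued by CA A.
        if ($client_ca != a) { return 403; }
    }

    location /b/ {
        # Only certificates verified and issued by CA B.
        if ($client_ca != b) { return 403; }
    }
}
```

The issuer check is a string comparison that is only meaningful because the chain has already been verified against the bundle, so the bundle must contain nothing but the CAs named in the map.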



More information about the nginx-devel mailing list